Cyber liability insurance market trends: survey

Global reinsurer PartnerRe collaborated with Advisen to conduct a comprehensive market survey on trends that are shaping the cyber insurance marketplace. The survey is intended to give insurance providers and brokers additional insight into the trends and growth potential for data breach and privacy cyber insurance products in the US.

Introduction

While estimates vary widely, the cyber insurance market globally represents over $1 billion of written premiums. The vast majority of this is written in the US where about 35 insurers write cyber insurance as a stand-alone product, and many more provide the coverage as an endorsement.

The term “cyber liability” means different things to different people. For a corporate risk manager or CIO the issue is how to identify, quantify, mitigate and transfer the risks that face his own operations. For an IT service provider it is how to monitor, understand and outwit cyber criminals and develop new tools to prevent cyber crime. In order to serve the needs of their clients, insurance professionals have to understand the implications of the business risks faced by corporations and offer effective, affordable solutions to their risk transfer needs.

PartnerRe supports several clients that write cyber risk, and recognizes the challenges some of its clients face in this market space due to lack of information. This survey was developed by PartnerRe to provide a starting point for insurance clients and their brokers to make decisions regarding their cyber liability portfolio.

Objectives

With this marketplace in mind, PartnerRe and Advisen conducted a survey in August 2014 of insurance professionals in the cyber sector, to establish:

Is demand increasing? By how much?

What is driving increasing demand?

What industries are driving demand?

What are the biggest obstacles to selling cyber insurance?

What covers are most valued?

What does the future hold?

The results provide a fascinating insight into the demand dynamics in cyber insurance.

Survey respondents

The survey received approximately 500 responses. About 45 percent of the respondents were brokers, 45 percent were insurance carriers, and the remaining 10 percent were risk managers and insurance buyers.

Two-thirds of the carriers surveyed write cyber coverage as both a stand-alone cover and as an endorsement to an existing policy. According to the survey, more than 80 percent endorse existing E&O and professional lines policies. About 12 percent attach the cover to D&O policies, while the remaining respondents endorse cyber on their General Liability, Property or Business Owner policies.

The respondents were asked questions specific to their area of expertise, with some questions aimed at the entire group. For the bulk of this report we combined responses from the underwriters and brokers that offer or sell cyber products.

This report is broken down as follows:

Demand and drivers of the insurance marketplace

Obstacles to selling coverage

Limits management

Coverage (business interruption and cyber extortion)

The final section of the report, ‘Future growth’, features the responses from those carriers and brokers that do not currently offer the product — explaining why they don’t offer it, what they see as the demand from their customers, and if they plan on offering the product within the next three years.

Demand and drivers

Increasing demand widespread The vast majority of respondents indicated some degree of growth in demand for cyber liability. Very few noted no increase in demand for the product. Supporting this finding, respondents are observing that the “sales cycle has shortened since two years ago,” and “hit ratios are improving over the past six months — instead of binding one out of every ten quotes, now binding one out of every five.”

When asked to highlight the top three drivers of growth in the cyber insurance marketplace, “News of a cyber related loss” featured very strongly, followed by “Increased education and awareness of the product” and the “Requirement to buy the cover by a third party”.

One underwriter commented that the education of agents and potential customers was, “critical to the sale in small to mid-sized businesses.” A broker respondent commented that the industry “needs to sell the problem first, before discussing coverage”.

Surprisingly, more than 80 percent of brokers noted heightened interest in cyber coverage at the C-suite or board levels, but this does not appear to have translated into a significant driver of sales.

In terms of highlighting new industry sectors that show increased demand for cyber liability products, 78 percent of respondents indicated the retail sector followed by healthcare, financial services, professional services, and utilities sectors.

This result is interesting as these industries already represent the strongest buyers of cyber insurance products. However, the continued increase in demand suggests that rather than being saturated, there is still plenty of scope for growth in these highly exposed sectors. Given the recent spate of large retail breaches, including Target and Home Depot, it is debatable how much carrier appetite remains for these classes, especially retail.

Obstacles to selling coverage

As with many technical areas of insurance, carriers and brokers require a high level of specialist expertise and skill in order to sell cover and grow the line of business. According to the survey, the majority of brokers selling cyber insurance today have a degree of expertise in the industry.

Sixty-four percent of carriers said that the majority of their business came from brokers or agents specializing in cyber insurance. When asked about their own level of expertise in the cyber sector, 65 percent of brokers considered themselves “moderately knowledgeable” on the subject, while 29 percent were “extremely knowledgeable”.

A broker view

In their role as intermediary between the clients — and importantly, potential clients — and the carrier, brokers have a broad view of market dynamics.

In response to the question, “What are the biggest obstacles to selling this [cyber] coverage?” one answer clearly stood out: “A lack of exposure understanding.

Seventy-three percent of respondents felt that the insured’s lack of understanding of the exposure was the main obstacle. One broker called the sales process, “an uphill battle”, with IT professionals unwilling to accept that their systems could be compromised. Others noted that, “many mid-market clients are still in denial regarding the exposure” or they had “a never-happen-to-me attitude” to the risk.

Closely related, a lack of insurance product information and knowledge on behalf of the brokers was another major factor, according to 48 percent of respondents. One broker commented: “I believe agents don’t sell more or approach customers enough because they lack confidence in talking about the coverage ad exposures with the client.”

The cost of cover — or more pointedly, the lack of provision in corporate budgets for cyber insurance — was another significant obstacle cited by 47 percent of respondents.

In fourth place, brokers felt that the cumbersome application was an obstacle to selling insurance.

An underwriter view

Almost 40 percent of underwriters that provide endorsements agreed that aspects of the underwriting process hindered the sale of endorsements for cyber insurance. Typical comments were: the “application is very cumbersome,” “supplemental applications can be pretty extensive for the endorsement,” “many clients will not be able to provide all the additional documentation for the underwriting process,” and “applications are overly complicated for smaller risks.” This highlights one area in which there is room for improvement for some of the smaller risks.

Limits management

Of those clients already buying cyber insurance cover, there is a trend towards higher limits. Fifty-seven percent of carriers reported that they “sometimes” received a request for higher limits, while 37 percent said that this occurred “frequently.” Given how few carriers had “rarely” or “never” received such a request, there is a clear trend towards increasing demand for higher limits.

Brokers were asked a similar question with the intent to measure how often they had to go to different markets to secure a placement. Given that more than half of broker respondents said they had to build a tower at least “sometimes” it would appear that there is an increasing need for excess market capacity.

Coverage: business interruption and cyber extortion

First party coverage responding to a data breach e.g. notification, credit monitoring, forensics, etc. is the primary driver of the cyber liability product. Other coverage extensions to the cyber insurance policy include business interruption (BI), contingent business interruption (CBI), and cyber extortion.

There have been increasing discussions and awareness around these other coverages, and so respondents were asked to rate the change in demand for BI, CBI, and extortion coverage.

When asked whether they were seeing an increase in demand for these covers, the responses varied greatly between BI and CBI. More than half of brokers and underwriters noted a “slight” increase in demand for BI cover, with 20 percent seeing a “significant” increase.

However, growth in demand for CBI was more muted, with over a third of respondents noting no increase in demand for this cover. This is reflected in the market as not all carriers offer this coverage, with no push by insureds to increase availability at this time. One respondent noted that “the lack of interest in the BI and CBI are due to lack of knowledge about the exposure and coverage options available,” and another notes that “the client relies upon us, the agent, to make sure their exposures are covered — they do not have knowledge of specific coverage such as cyber extortion or business [interruption].”

Cyber extortion, considered a real risk for businesses, was not deemed to be an area of growth by almost 50 percent of brokers and carriers, possibly because this crime does not receive extensive media coverage compared to data breaches. Data on this exposure is more difficult to obtain as most incidents go unreported, yet the threat is real as criminals can threaten to shut down a website, or release data, unless the company pays, putting small and mid-sized entities in particular at risk.

Policy standardization

There were no other coverage-related questions, but respondents were provided with an opportunity to provide commentary, and it is worth noting that many respondents addressed coverage issues. Brokers and underwriters were frustrated by the lack of standardized coverage in the market. As one respondent put it, “forms differ [and] you really need to review forms, options, conditions and exclusions to appropriately discuss benefits with clients.” Another respondent noted that there is a “continuing need to educate producers/account managers on the exposures, differences between carriers/forms and service offerings – still too much selection based solely on pricing without understanding the nuances between forms.”

Future growth

Respondents not currently selling or offering cyber insurance, were asked: “What are the reasons for not selling/offering cyber policies and/or endorsements?”

The main reason for not selling or offering more cyber policies was due to lack of expertise (47 percent) or an inadequate understanding of the risk (18 percent). Some brokers (Other) also admitted they hadn’t yet committed to offering cyber as part of their product suite.

Very few brokers and underwriters blamed the lack of demand, capacity or inadequate pricing for stalling the market growth with less than a quarter of respondents citing these reasons.

To gauge an untapped market, brokers and underwriters who didn’t currently offer a product were asked to estimate what percentage of their customers were interested in buying cyber coverage. Almost half the respondents said that “less than 25 percent” of their clients were interested in the cover. That said, over 25 percent of respondents indicated that they have a sizeable customer base interested in buying cyber coverage.

The market is on track for continued growth, with 60 percent of respondents stating that they intend to start offering or selling cyber insurance in the next three years.

Recommendations

Based on these findings, it is clear that extensive media coverage of high-profile cyber events – coupled with an increased level of expertise and tailored cover in the insurance marketplace – have driven higher demand for cyber insurance in recent months. However, clients’ awareness of their own risks and their unwillingness to spend money on insurance are creating a drag on growth in the sector.

In order to see real growth in the sector, carriers and brokers have a combined role to play in continuing to educate clients, potential clients and other insurance agents and brokers on the benefits of cyber insurance. Only then will the market be in a position where insurance capacity does not outstrip demand.

About PartnerRe

PartnerRe is a leading global reinsurer providing multi-line reinsurance to insurance companies for all lines of business including cyber related risk.

PartnerRe has dedicated underwriters and actuaries working on cyber liability business, and can provide the expertise insurers are looking for in a reinsurance partner. Get in contact with one of our cyber experts.

No doubt about it, blockchain is a powerful, efficiency-enabling technology, but as Markus Bassler candidly explains, for re/insurers it’s also important to be aware of the issues and limitations, and to think carefully about where it could really add value.